Web crawling and data protection: CNIL has issued a 180,000 EUR fine against a provider of automobile insurance policies for failure to adequately protect data in violation of GDPR, specifically citing disallowing web crawling as a way to protect personal data from wrongful access.

In particular the company :
  1. sent usernames and passwords in cleartext

Spotlight on adequate/reasonable protections to personal information – Part 1 – France.

CNIL fined a real estate company 400,000 EUR for failure to implement adequate protections to personal data in violation of GDPR.

In this case, the URLs on the company’s website were the problem. By changing a character, you could gain access to documents

GDPR Enforcement is coming says French data protection authority, CNIL.

“According to the head of France’s data protection authority, the period of relative tolerance following the introduction of the General Data Protection Regulation (GDPR) is now over.”

“Going forward, any company that has yet to comply with the rules should expect tough scrutiny and, failing

  1. The French Data protection authority, CNIL, has issued a “Developer Kit” setting forth best practices for data protection.

Key takeaways:

  • Before using a development tool, especially for personal data, read the conditions of use.
  • If the data requires a maximum level of confidentiality, use tools with a local instance, rather than the cloud.
  • Conduct a

Enforcement is coming – says CNIL, the French Data Protection Authority.

CNIL published its enforcement priorities for 2019. CNIL will no longer refrain from enforcing new obligations imposed by GDPR, but it will continue to exercise judgment in the choice of corrective measures and will not resort to fines every time. CNIL’s enforcement program will

The French Data Protection Agency CNIL received 11,077 complaints in 2018, up 32.5 percent compared to 2017.

Other highlights from the CNIL 2018 report

  • CNIL carried out 310 investigations in 2018, of which 204 were onsite, 51 online and 51 on the basis of documentation.
  • 49 orders were adopted in 2018, of which five were

The French Data Protection Authority, CNIL, issues guidance on credit card data in remote transactions:

  • Merchants who collect credit card detail to facilitate a transaction, need the consent of their customers to keep their bank details beyond such transaction, to facilitate their subsequent purchases.
  • This consent is not presumed and must take the form of

A 50 Million Euro GDPR fine recently issued by French data protection authority CNIL provides actionable lessons for companies handling personal information for advertising purposes. First and foremost, refrain from block consents; state your data handling practices clearly:

  • make sure information you provide users is easily accessible
  • tell people why you process their information, for

Sharing personal data with data brokers or other businesses partners? French regulator, CNIL, has new guidelines for you to follow.

Highlights include:

  • The individual whose data is shared must give consent before any transmission to partners.
  • The individual must be able to identify the partners, recipients of the data, from the form from which the